All professional practices should ensure that their websites are protected by a SSL security certificates which provides safe communication between your website and any information submitted by your users or patients. An SSL Certificate works by providing a secure channel for the transmission of encrypted data to travel without threat of being intercepted or hacked by unauthorized parties.
As phishing, malware and hacking attempts become more elaborate and advanced, it is vital that your website is protected by an SSL certificate. This is, in reality, a two-part equation. First and foremost a security certificate protects your user’s information from being stolen in transmission with your website. The second element is that it protects you from exposure and potential liability in the case of a data breach of your practices records. It would be difficult to explain in a lawsuit that you were, in fact, taking steps to protect your data and personal records of your patients if the very cornerstone of online data safety is the SSL certificate missing from your website. This alone would be in many cases be enough for you to be found liable for failing to use standard procedures to protect the interest of the information your files contain.
SSL Certificates and Their Relation to Business Viability
In the fall of 2017, Google announced that they would be flagging all websites that didn’t have an SSL certificate. Since 2014, Google has been encouraging website owners to adopt this security protocol and began using it as a ranking factor in how high certain websites appeared in search rankings. As of July 2018, Google will begin penalizing sites that do not have an SSL certificate and in some cases remove them from their search engine altogether.
Currently, websites that do not have an SSL certificate show in Chrome as a gray unsecured exclamation icon as shown in this screen show below.
How Does this Make Your Site and Data at Risk?
Unsecured forms are the primary ” backdoor ” to websites and the servers they are hosted on by cybercriminals. These forms provide the possibility for a hacker to access the back end of your site including your databases and potentially your entire office computer system at which time they can access payment information, client files and go as far as installing an encryption virus that can completely destroy all financial and client records unless you pay a ransom fee to get back.
In addition, here is how your website being unsecured can make you vulnerable to being a victim of hacking
- Cyber thieves access your admin on your site and obtain usernames, personal data etc of your staff or doctors and use that information to impersonate you.
- Hackers access your patient contacts and use elaborate methods/hoaxes to trick people into believing they are communicating with you. Once they gain their trust they are vulnerable to be scammed in a variety of methods.
- Criminals install a hidden virus on your server that steals personal information from your site’s users.
- Malware is installed on your site that infects your user’s computers.
The first step in protecting your site from this type of serious problem is to have a proper SSL certificate installed and activated on it.
Google is Getting Serious About Non-Compliant Sites…
In July of 2018, this warning will become far more noticeable and will warn visitors to your website that your site is not secure and vulnerable to attackers. The grey icon will now begin to show as a red warning beside your website address that will tell visitors that your site is not secured properly.
In the case of an SSL certificate being installed incorrectly or is invalid, a popup window will appear warning the user not to use the site. Below is a screenshot of a website that did not have a valid SSL certificate that has expired due to an error on the developer’s end who was not familiar with how to register and install an SSL certificate.
All Browsers are Beginning to Implement Warnings Regarding No SSL Certificates.
The not secure website warnings are taking place on all browsers as shown below. Internet Explorer has also started flagging websites that have invalid or missing SSL certificates with the following message.
Firefox has also started flagging websites with missing or invalid SSL Certificates as seen below.
The Implications of this on Your Website
With Chrome, Internet Explorer, Safari and Firefox flagging sites without SSL certificates as not secure, and Google preparing to penalize sites without and SSL, the urgency for professional practices sites such as Dental Clinic websites to secure their digital properties is becoming increasingly more important.
It is safe to say that there will be a significant dropoff in traffic and users to a site with this type of warning being displayed beside your website address.
This change will have a far-reaching impact on website traffic and subsequently the number of new patients or repeat visits by current patients. Statistically, we know that 91% of internet users in North America use Google to find and research any type of professional practice including Dentists. With Google pushing down sites that don’t have SSL certificates, and now preparing to flag sites with no SSL, the impact on these sites that don’t comply with an SSL certificate could see a significant drop in their business for 2018 and beyond.
Installing an SSL Certificate on Your Website
When an SSL Certificate is installed correctly on your website, the browser address bar will show in Chrome a green padlock icon with the word SECURE in front of your domain name. There are a variety of SSL certificates available depending on your needs as a professional practice.
There are essentially two variations of an SSL certificate. The basic version – or Standard Validation is a certificate the verifies the domain to the server and ensures that the information being passed back and forth between the user and the site is encrypted and secure. The more advanced SSL option is an Extended Validation SSL is where the certificate is matched to the domain as well as the company who owns it.
You can see the differences in this screenshot
Standard Validation certificates are issued based on the website address and the server’s verification. Extended Validation Certificates are more complex and require a level of paperwork and verification by the Certificate Issuer. Once the site and ownership are verified, the advanced certificate is installed on the company’s server and their name will appear with a padlock showing that the site is fully secured and owned by the legal entity displayed in the browser bar.
For help with installing your SSL certificate on your website, please click here.